Unable to see logs for firewall rules?

Trying to see logs for the firewall. Basically I need to fix two issues.

  1. Firewall doesn’t seem to be working. I set the action to drop for 8096, yet it’s still working fine from outside > inside my network.
  2. I’m trying to get port 80 to point to a server, yet it’s not working. Which baffles me. I’ve been tinkering with it for days but i feel like there’s probably some basic thing I’m missing…

And the logs don’t seem to have records for anything regarding firewall, only DNS and DHCP…

Any ideas?

vyos.txt (11.2 KB)

Well now i have somehow made all inbound connections point to 8096 to a different server somehow… I’ve royally messed something up…

You have a firewall named OUTSIDE-IN but you don’t reference it anywhere. It’s all alone. You need to jump to it probably from your forward statement.

So add something like this? I’m guessing in a rule that is before rule 5. So lets say rule 1.

                    action jump
                    inbound-interface {
                        name eth1
                    jump-target OUTSIDE-IN

Yes, exactly like that.
And then tune/tweak as you require.

Okay so i’m seeing logs, so i’m guessing the way logging works is only if it actually blocks anything and not any and all firewall interactions?

Any way I can try to figure out why port 80 isn’t pointing to my server/NAS?

It depends on how you have logging setup, you can log every single packet if you want but I wouldn’t suggest doing that. You didn’t post your updated config so it’s hard to answer. However the way you have your rules you initially posted setup is set that so rule 10 which will accepts all established traffic, is not to log. You have “default-log” which means it’ll log packets that hit the default policy, which is deny. So you’d only be seeing packets that are denied or hit a rule with a log action.

tcpdump on your eth1 to verify packets are coming in (so many carriers use cgnat) would be the best start and working your way from there. Looking at your rules in your initial post I can’t see obviously why it wouldn’t be working.


GUI for building firewall configurations.